Researchers infiltrate Kraken botnet, could clean it out
A group of security researchers today said they have infiltrated one of the world's biggest botnets and can snatch control of compromised machines from the hackers.
But while 3Com Corp.'s TippingPoint researchers said they have the ability to disinfect the systems by eradicating the malware installed on the hijacked PCs, the company has decided against the move, citing liability issues.
Pedram Amini, who leads TippingPoint's security research group, and Cody Pierce, a security researcher who is also part of that team, collaborated on a week-long project that started with the idea of verifying the size of the Kraken botnet but ended with an ethical quandary.
Pierce created a fake Kraken command-and-control server by reverse-engineering the list of domain names found in a captured sample of the bot. He then registered some of the subdomains that Kraken looks for. The server essentially acted as a command-and-control honeypot that waited for connections from PCs infected with the bot.